A Feature-Based Analysis & Comparison of IT Automation Tools:
Comparing Kaseya to Windows Server 2003
Developed by:
Timothy Cruz
Flavio Suguimitzu
Advisor:
Dr. S. Masoud Sadjadi
School of Computing and Information Sciences
Florida International University
Contact Information:
,
http://www.cs.fiu.edu/~sadjadi
(305)348-1835
Spring 2010
1. Introduction
Overview: Microsoft’s Windows Server 2003 (W2K3) is the sole foundation of every business cyber-infrastructure. Whether it is a school operating with as little as one hundred computers, or a corporation serving one thousand computers, W2K3 is implemented one way or another. The power that can be harnessed by a system administrator is without a doubt worth its price per license. W2K3 has become the industry standard server platform that even Kaseya requires it in order to be used effectively. Although it is unfair to compare Kaseya to a server Operating System, W2K3 is equipped with enough programs to effectively replicate almost 80% of Kaseya’s IT Management and Automation services to such an extent that depending on the client’s need, it can be the logical choice for their business environment. The rest of this report will comprise of in-depth summary and analysis of W2K3’s capability in comparison to Kaseya’s VSA modules.
Background: Microsoft is one of the world’s leading computer technology corporations that develops and supports a wide range of software products. They were established in Albuquerque, New Mexico, prior to moving to Redmond, Washington in 1986, on April 4, 1975 by William Henry Gates III (known as Bill Gates). They were first known for selling B.A.S.I.C. (Beginner's All-purpose Symbolic Instruction Code) interpreters. Then on January 13, 2000, Steve Ballmer became the president and CEO of Microsoft. Microsoft is a multi-billion dollar company. The company pulled in $58.4 billion in 2009 alone. (http://www.microsoft.com/msft/reports/ar09/10k_fh_fin.html).
Their best product, Microsoft Windows, was first released back in May 22, 1990 with the launch of Windows 3.0.
Windows operating system retains a 91.58% share of the operating system market when compared to other popular operating systems (http://marketshare.hitslink.com/operating-system-market-share.aspx?qprid=8). In 1993, Microsoft released their first server platform called Microsoft Windows NT Advanced Server 3.1 (http://www.microsoft.com/windows/WinHistorySrvrGraphic.mspx). There were many Windows Server OS developed after Windows NT Advanced Server 3.1, but none was as successful as Windows Server 2003, which was released on April 24, 2003.
Microsoft holds and is invited to many major technical keynotes and conferences around the world. They have been a driving force of keeping companies and individuals educated and well trained in both their technology and the technology of other companies. Through MSDN and TechNet, they inform, train, hold online classes and tutorials, support, and certify people from students to veteran IT administrators. Because of their success in training and development, they retain a vast majority of the customer and user base all over the world. Microsoft is a well know and trust technological brand and will be for years to come.
Grouping Managed Devices: Microsoft’s Windows Server 2003 uses Active Directory (AD) to facilitate the management of grouped devices. Anything that AD tracks is considered an object which can constitute a user, resource, system, or service that is managed by AD. AD structures these objects by means of a hierarchical framework. Therefore containers can also be used to group like objects together, such as a set of printers, or a set of users for a specific domain. AD also makes use of a site object, which represents a physical location that hosts networks and contain objects called subnets. Within these subnets there exists a forest, which constitutes a collection of trees and within these trees there are domains.
Functional Coverage:
· Architecture
· Auditing and asset management
· Remote control
· Agent procedures
· Monitoring
· Patch management
· Backup and disaster recovery
· Endpoint security
· User state management
· Help desk
· Reporting
· System/user/admin management
Architecture
The Windows Server 2003 solution is based on an agent-less architecture. Unlike Kaseya, workstations do not need to have any form of software installed in order to be configured to a Windows Server 2003 and there can be many advantages and disadvantages with this type of architecture. Figure 1.10 shows a simplified model of Kaseya’s architecture and what could be accomplished.
Figure 1.10
With Kaseya’s architecture, a single administrator can manage many different computers onsite and offsite. This is the sole advantage with having an agent based solution. With Windows Server 2003, workstations need to be configured manually in order to be interconnected to the Domain Controller and usually the Domain Controller would be used to manage a set of workstations in one location. Kaseya has the ability to manage multiple physical locations. Kaseya’s only requirement is to have the agent installed and be connected to the internet. Windows Server 2003 requires that the workstation be added to the Domain Controller. It requires the workstation to be on the same network environment as the Domain Controller, and if not, it requires a VPN to be setup in order for the workstation to communicate with the Domain Controller.
While Windows Server 2003 can accomplish everything Kaseya does, Windows Server 2003 has more requirements and requires more preliminary setup before IT Administrator can commence any management.
1.2 Auditing & Asset management
Auditing provides a way for Windows Server 2003 to track all events, monitor system, access and ensure system security. Windows Server 2003 audits computers through a well known service called Group Policy (GP). GP is a set of rules that allows the administrator to restrict, or give, certain amount of control to users and computers on a network. The way GP audits computers is totally different from Kaseya’s hardware and software auditing. GP’s auditing can only provide the following information:
§ Account Logon Events
§ Account Management
§ Directory Services Access
§ Logon Events
§ Object Access
§ Policy Change
§ Privilege Use
§ Process Tracking
§ System Events
As shown, most of what GP can audit is based on user and system management. GP can be configured to audit these specified categories in either the “Local Policy” or “Account Policy” for greater depth as to what is audited. An event within each of the previously mentioned category can be set to be audited when it’s either “successful” or “failed”. A report is generated and sent to “Security Log” within Event Viewer.
Unfortunately, GP cannot audit hardware changes or third-party software changes on networked computers. This makes things tedious for the administrator because it is then required to physically attend each computer and audit the computer manually. Unlike Windows Server 2003, Kaseya has the ability to remotely audit computers and set alarms when certain hardware, or software, is changed.
Now in Windows Server 2003, there is a way to do limited advance auditing, via scripting, on all computers throughout the network; however, this requires the administrator to know how to develop the script and deploy the script to each individual computer across the network. Also, the audit script won’t be as informative as Kaseya’s auditing module. This gives the upper edge to Kaseya since the administrator can audit and view reports via Kaseya’s VSA.
1.3 Remote Control
Windows Server 2003 comes with built-in remote control and remote assistance technology, but requires more configuration than Kaseya’s Remote Control module. In Kaseya, once the agent is installed and it has reported back to the Kaseya Server, everything is ready and setup to initiate a Remote Control connection with the workstation. In Windows Server 2003, certain aspects need to be covered before Remote Desktop Connection can work correctly, and both local and offsite types of connections will be covered.
By executing mstsc.exe on the run line, the Remote Desktop Connection application appears asking for the Computer Name. Upon clicking the “Options >” button, the window expands and exposes six different tabs:
· General
· Display
· Local Resources
· Programs
· Experience
· Advanced
In the General tab, the basic logon settings can be entered as well as saving connection settings if this is a workstation that needs to be connected remotely often.
In the Display tab, the size of the resolution that will be displayed from the remote workstation can be set as well as color quality. If the workstation is being accessed locally then resolution and colors can be maximized as bandwidth might not be an issue. However if the computer will be accessed from an offsite location, then configuring the desktop resolution to be lower than 1024x768 pixels with 16-bit color quality might be the logical choice since image quality
In the Local Resources tab, the user can configure to receive the sound off the remote computer, use Windows key combinations (such as Alt + Tab) and configure access to local devices and resources. Figure 1.3.0 shows the types of local devices and resources that can be used remotely.
Figure 1.3.0
Drives can be mapped as well as any USB drives or networked mapped drives on the remote machine. Printers and clipboard data can be used seamlessly from the local machine to the remote machine.
The Programs tab can be configured to have certain programs be executed as soon as a remote connection is made. This is equivalent to having Kaseya’s agent-procedures script be executed as a pre-script.
The Experience tab can be configured to optimize performance based on the connection speed that the remote workstation has as well as the local machine. Certain visual elements can be omitted in order to increase response time. Figure 1.3.1 shows a list of the following properties that can be allowed from allowing desktop background to show to showing the contents of a window while it is being dragged.
Figure 1.3.1
The last tab is the advanced tab and the user can configure the Server Authentication and configure settings to connect through a TS Gateway.
In comparison with Kaseya’s Remote Control module, Kaseya provides a wider variety of tools to interact with the remote workstation. The ability to FTP and view processes remotely without having to actually ‘login’ gives Kaseya the advantage. Kaseya also provides remote connection to workstations that do not have an agent installed by means of reverse connection. This functionality is aimed towards workstations that are located offsite. Since routers and firewalls use NAT to hide the computers in the LAN, by initiating a reverse connection, this allows the admin to connect to the remote workstation without having to forward any ports, therefore giving a significant advantage over the traditional Windows Server 2003 Remote Desktop Connection application. Kaseya also gives added functionality that is outside the scope of Remote Desktop Connection, such as resetting user login passwords and being able to chat with the Users and interact with them.
1.4 Automation
Windows Server 2003 can be completely automated through the use of scripts written in the Visual Basic Script (.vbs extension) language or in Windows PowerShell. VBS is based on the Active Scripting language and incorporates the Component Object Model to be able to interact with environment, while Windows PowerShell is integrated with the .NET Framework, with the ability of accessing the Component Object Model and Windows Management Interface environments. In Kaseya, they use a module called Agent Procedures. Windows Server 2003 also supports other automation scripts, however they are considered to be third party and therefore do not meet the requirements for this report.
In terms of strength and level of sophistication between VBS, Windows PowerShell and Agent Procedures, Windows PowerShell is the most sophisticated out of all three because it is built on the .NET framework. This opens new doors that Agent Procedures and VBS cannot fathom. Although VBS is sophisticated because it allows a higher degree of scripting; scripting in PowerShell would be any System Administrator’s dream. To be able to script with .NET API and to grasp some of the aspects that Unix/Linux based shells have, such as the pipeline, it makes scripting enjoyable.
Kaseya’s Agent Procedures on the other hand, does allow basic commands such as the “If-Then-Else” and the use of variables and 64-bit commands. Kaseya does not grant users the ability to use a pipeline in order to compound complex commands, and does not give any form of For, Do, While loops or any error handling. Agent Procedures however wins in overall ease of use. Somewhat like Microsoft’s IntelliSense, Agent Procedures gives you a list of possible commands that can be used and this can be proved useful if the API is not available.
Although experienced UNIX and Windows Administrators might feel like Kaseya is lacking in the scripting department, Agent Procedures can be used to run scripts that are saved on the workstations or Domain Controllers. Therefore, Agent Procedures can interact with the .NET framework for scripting if it calls on pre-written scripts, however neither PowerShell nor VBS can call on Agent Procedures therefore limiting the automation only to its own language.
1.5 Monitoring
In terms of monitoring, Windows Server 2003 contains Event Viewer (EV). Using the event logs in EV, one can gather information about hardware problems, software problems, system problems, and security events. Custom logs can be configured for certain applications or other events. An example of how EV looks can be viewed in Figure 1.5.0. EV contains the following five base categories:
§ System
§ Security
§ Application
§ Setup
§ Forwarded Events
Figure 1.5.0
EV has the option of remotely connecting to a computer and pulling the remote computer’s log files, making it useful for administrators. Unlike Kaseya’s Monitoring module, EV is unable to create alarms when certain thresholds are reached, either by software or hardware issues. For an administrator to check on each individual computer on the network, he would have to remotely connect to each individual EV through the Windows Server 2003’s EV. This makes things harder for the administrator in a corporate environment when the individual has to take care of hundreds and hundreds of computers.
1.6 Patch Management
To administer patches and hot fixes for Windows NT environments, Windows Server 2003 utilizes Windows Server Update Service (WSUS). This service is downloaded as a separate install from the Microsoft website and not included in the default install of Windows Server 2003. Like Kaseya’s Patch Management module, WSUS cannot be used on any non-Windows system.